Security Soapbox | Privacy, Security and Everything in Between

In this week's episode of 5 Minute Friday, we discuss the resurgence of the Robin Banks, a phishing-as-a-service kit, and its tactics like MFA bypass. We also discuss related threats such as 0ktapus, showcasing evolving cyber threats and the replication of successful attack methods among different groups. To stay up to date on recent threat intelligence, ⁠⁠click here⁠. --- Send in a voice message: https://podcasters.spotify.com/pod/show/securitysoapbox/message

In this episode of 5 Minute Friday, we discuss droppers, a type of mobile malware that serves as a middleman between a target device and the threat actor's command and control server. Droppers are now being offered as a service, which could enable more advanced malware to get on more devices.  To stay up to date on recent threat intelligence, ⁠click here⁠. --- Send in a voice message: https://podcasters.spotify.com/pod/show/securitysoapbox/message

In this episode of 5 Minute Friday, we discuss recent research related to the advanced persistent threat (APT) group Arid Viper. Learn about how their tactics for targeting mobile users are exemplary of an attack chain that many cybercriminals use and why it's so effective To stay up to date on recent threat intelligence, click here. --- Send in a voice message: https://podcasters.spotify.com/pod/show/securitysoapbox/message

In this episode of Five Minute Friday, we delve into the shadowy world of cyber espionage as we explore Infamous Chisel, Sandworm, and Deblind. Discover how the Russian APT group, Sandworm, known for major international cyberattacks, ventured into mobile surveillance with Infamous Chisel. Learn about Deblind, a system-level Android app that operates with unprecedented privileges, collecting user activity and suppressing security warnings. For more information, visit: www.lookout.com/threat-intelligence/article/russian-sandworm-apt-infamous-chisel-deblind-spyware --- Send in a voice message: https://podcasters.spotify.com/pod/show/securitysoapbox/message

In this episode of Five Minute Friday, we discuss how societal disruption creates opportunities for malicious actors to exploit people's uncertainties. In this case, we examine a recent case where a malicious version of the legitimate mobile app, RedAlert - Rocket Alerts, was distributed, targeting individuals in Israel. To stay protected against these types of mobile threats, click here. --- Send in a voice message: https://podcasters.spotify.com/pod/show/securitysoapbox/message

On this week’s episode of 5 Minute Friday, we are discussing a recent iOS vulnerability, iLeakage, that exploits your web browser including opened tabs and login credentials. Learn more about iLeakage and the importance of protecting your mobile device —  the device that goes everywhere you do. For additional resources on protecting your mobile device, visit: www.lookout.com/products/endpoint-security/mobile-endpoint-security --- Send in a voice message: https://podcasters.spotify.com/pod/show/securitysoapbox/message

Caesars Entertainment and MGM resorts were recently breached by a well-known cybercrime group, Scattered Spider. Listen to this week’s 5 Minute Friday to learn about these attacks, how this group operates, and what you can do to avoid your organization being the next target. For a deeper dive, visit: www.lookout.com/documents/threat-reports/us/lookout_tg_scatteredspider.pdf --- Send in a voice message: https://podcasters.spotify.com/pod/show/securitysoapbox/message

Recent hype around Chinese apps TikTok and Pinduoduo has put a spotlight on the risk surrounding mobile apps. In this quick-fire Soap Suds episode, host Hank Schless discusses the concerns behind these Chinese apps and highlights the reasons why organizations need to keep tabs on mobile apps in general to minimize the risk to their data. For more information on data collection related security threats and how to ban risky apps like TikTok, check out our blog: https://bit.ly/tiktok-podcast --- Send in a voice message: https://podcasters.spotify.com/pod/show/securitysoapbox/message

With more devices than humans in our world today, the amount of data being generated is higher than ever, with no sign of slowing down. Enter: edge computing. In this episode, host Hank Schless is joined by Said Ouissal, Founder and CEO at ZEDEDA, to discuss edge computing — from its business applications to the challenges of securing the technology and everything in between. --- Send in a voice message: https://podcasters.spotify.com/pod/show/securitysoapbox/message

Organizations are making big decisions to implement cloud solutions to boost collaboration and gain competitive advantage. But many aren’t prepared to handle the risks that cloud services introduce. In this episode of Security Soapbox, host Hank Schless talks shop with Faz Sadikali, Founder of Cloud Insights, on how to build secure workstreams and level up IT to reap the benefits of the cloud while ensuring data remains secure. Read Faz's blog about IT modernization here: https://bit.ly/3h3qqlW --- Send in a voice message: https://podcasters.spotify.com/pod/show/securitysoapbox/message

With the rapid adoption of BYOD and the growing remote workforce, IT and security teams are just catching on to the need for mobile security to protect corporate data and assets. In this episode, host Hank Schless is joined by Cile Montgomery, Product Line Marketing Manager at VMware, to discuss the new risks mobile devices present to organizations and what trends to expect in the next year for mobile security. --- Send in a voice message: https://podcasters.spotify.com/pod/show/securitysoapbox/message

SharkBot, a notorious banking trojan, has just resurfaced since it was first spotted in the wild in October 2021. In this newest variation, the malware targets banking credentials through two apps with collectively over 60,000 downloads on Google Play. In this episode, host Hank Schless discusses what you need to know about SharkBot and how to protect yourself and your organization. --- Send in a voice message: https://podcasters.spotify.com/pod/show/securitysoapbox/message

Twilio, Cloudflare and other organizations reported employees were targeted with a phishing campaign leveraging a kit codenamed 0ktapus. Tune in for this short episode to learn more about the mechanisms behind the phishing campaign and tips for mitigating this threat. To learn more about this breach and how to protect your organization, check out our blog on this topic: https://bit.ly/3cuweCI --- Send in a voice message: https://podcasters.spotify.com/pod/show/securitysoapbox/message

Cybersecurity challenges are moving at cloud speed and leaving legacy approaches in the dust. On this week’s episode, host Hank Schless is joined by Ramy Houssaini, head of privacy and cyber risk at BNP Paribas, to discuss the top security considerations CISOs should be aware of in this rapidly changing security environment. To learn more about what Ramy spoke about, check out Hank's blog on this topic: https://bit.ly/3KtYMsI --- Send in a voice message: https://podcasters.spotify.com/pod/show/securitysoapbox/message

When pitching to your board of directors, security should be treated like any other business unit. On this week’s Security Soapbox, our host Hank Schless is joined by Paul Simmonds, CEO of the Global Identity Foundation and Former CISO of AstraZeneca, ICI and Motorola Cellular Infrastructure. They discuss how to cut through buzzwords and turn security into a business enabler. Check out Paul’s guest blog on lookout.com to learn more: https://bit.ly/38zFunf --- Send in a voice message: https://podcasters.spotify.com/pod/show/securitysoapbox/message